[BlueOnyx:15392] Re: SSL Untrusted

[Richard Sidlin]

> On 5/13/2014 12:23 PM, Richard Sidlin wrote:
> >> Hi Richard,
> >> Were you certain to add the CA in via the GUI?   I personally installed
> >> over a dozen SSL certs myself on various BlueOnyx servers yesterday,
> >> and they all functioned OK on every browser, so I would probably make
> >> a point
> > to
> >> double-check...
> >>
> > Not certain at all and just added it in. I guess Chrome and IE don't
> > complain about that. One thing, although it doesn't come up with the
> > security error, it has a little exclamation mark and reports that the
> > web site does not supply ownership information. Is this easily fixed?
> > Thank you for that fix Chris.
> 
> It could just be that Firefox doesn't have the CA preloaded.  When some of
> the SSL vendors go on about "97% worldwide browser compatibility"
> that could be part of what they're talking about.   Adding the CA into
> the server ensures that the browser (any browser) should accept the cert
> without complaint.
> 
> What you're seeing now is probably 2 things.
> #1: The "!" is indicating that although you're using https to pull the
page,
> there may be an element or elements that are not being served by
> https.   That's most likely unrelated to...
> 
> #2: "The site does not supply ownership information."  If you purchased a
> domain-validated SSL certificate, that's true.  The domain-validated
> certificates are the least expensive of signed certs, partially because
> there is very little in terms of actual validation to be done.   I'm
> guessing all you had to do is verify that you received email at a
particular
> address. There are more expensive certificates that involve the SSL vendor
> actually checking into who owns the domain and is sort of a mini
background
> check.  Those "extended validation" certs are the ones that will turn your
> browser address bar green.
> 
> I hope that helps.
> 
That's brilliant. Thanks Chris.